[PATCH 0/2] fs: set root dir perms
Kees Cook
kees.cook at canonical.com
Tue Feb 22 19:17:50 UTC 2011
Hi Tim,
On Tue, Feb 22, 2011 at 12:02:16PM -0700, Tim Gardner wrote:
> On 02/22/2011 11:28 AM, Kees Cook wrote:
> >With the continuing deluge of bugs in the "debug" filesystem, I would
> >like to make that filesystem's root directory mode 0700 by default since
> >it's filled with crazy stuff that regular users do not need to see.
> >
> >Better to try to just close the door completely on all the stuff in there.
> >It is, after all, supposed to only be used for debugging, right?
> >
> >
>
> On the surface this doesn't look too bad. However, I'd kind of like
> to let it cook upstream for a while. Your email on LKML has a fairly
> wide distribution, so the responses ought to be interesting.
Oh, er, I thought it was best to get it into Natty ASAP so that we could
shake out any obvious glitches it causes. That was the impression apw gave
me, anyway.
-Kees
--
Kees Cook
Ubuntu Security Team